“Viruses Revealed”

There are always people who want to piggy-back on the achievements of others. After ESET warned the public against ACAD/Medre.A in two blogs here and here and issued a free standalone cleaner for remediation, there was always the possibility that drawing attention to the issue would result in the topic being misused for other purposes.

For the story behind the suspected industrial espionage, where ACAD/Medre.A was used, refer to Righard Zwienenberg's blog post. For technical details from analysing the worm's source code, read on. ACAD/Medre.A is a worm written in AutoLISP, a dialect of the LISP programming language used in AutoCAD. Whilst we classify it as a worm, due to

The malware news today is all about new targeted, high-tech, military-grade malicious code such as Stuxnet, Duqu and Flamer that have grabbed headlines. So imagine our surprise when an AutoCAD worm, written in AutoLISP, the scripting language that AutoCAD uses, suddenly showed a big spike in one country on ESET’s LiveGrid® two months ago,

As written in our “Password management for non-obvious accounts” blog post on February 22, the FBI confiscated the DNS Servers used by the DNS Changer malware and replaced them with different servers so that infected users would not be left without internet right away. Initially these replacement DNS Servers were to be taken offline on

Malicious software that gets updates from a domain belonging to the Eurasian state of Georgia? This unusual behavior caught the attention of an analyst in ESET's virus laboratory earlier this year, leading to further analysis which revealed an information-stealing trojan being used to target Georgian nationals in particular. After further investigation, ESET researchers were

...there are (over) 2,095,006,005 Internet users nowadays (due credit to www.internetworldstats.com). Inevitably, some of them are going to have the same name as real celebrities and fictional characters...

...conceptually there is a direct line of succession from this worm to the social engineering worm/Trojan hybrids of the early noughties. Clearly, the line continues through to the social network malware (real and memetic) of today...

...While there are those who think that I've been in the anti-virus industry since mammoths roamed the Surrey hills, most of my computing career has actually been in medical informatics, though as you might expect from what I do now, documentation, security and systems/user support played a large part most of that time....

I don’t suppose anyone remembers my mentioning this before, or cares much anyway, but the 19th of December marks what I consider to be the 20th official anniversary of my entry into the anti-virus/security field. Nowadays, viruses (and, in general, worms) have declined in importance and now constitute a fairly small proportion of the totality